Detailed Action

Claims 1-21 are pending in this application. This is a response to the amendment filed
on 1/10/05.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1,2,6,7,9,10,13,14,15,19,20,21 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over US Patent 6,664,978 issued to Kekic et al.(Kekic) in view of US 
Patent 6,055,575 issued to Paulsen et al. (Paulsen). 

As per claim 1, Kekic teaches a method of controlling access of network 
management requests directed to one or more network devices that participate in a 
virtual private network(Fig.1-5c), the method comprising the computer-implemented 
steps of: receiving a request to carry out a management protocol operation(col.3, lines 
34-col.4, lines 28); identifying, among a plurality of managed objects, a subset of 
objects that requests associated with the network are permitted to access(col.4 lines 31- 
49); and providing the request with access to only the subset of objects(col.4, lines 31- 
49). 

Kekic does not, however, explicitly teach determining an identifier of a virtual
private network in the request.

Paulsen teaches determining an identifier of a virtual private network in the
request(col.7, lines 31-39).

Therefore it would have been obvious to one of ordinary skill in the art at the time
of the invention to modify the method of Kekic to explicitly add determining an identifier 
of a virtual private network in the request as taught by Paulsen in order to authenticate 
the identity of the remote client(Paulsen, col. 7, lines 34-35). 

One skilled in the art at the time of the invention would have been motivated to 
combine Kekic and Paulsen in order to provide a method for secure communication 
between a remote computer and a private computer network(Paulsen, col.1, lines 8-12).

As per claim 2, a method as recited in claim 1, further comprising the steps of
providing, at one of the network devices, a mapping of a plurality of identifiers of virtual
private networks to corresponding views of subsets of managed objects(Paulsen, Fig.1-
4, Kekic, Figs. 1-7). Motivation to combine set forth in claim 1. 

As per claim 6, determining whether the identifier from the request is in the
view-based access control model table(Kekic, col.3, lines 20-22, col.4, lines 32-49);
when the identifier from the request is in the view-based access control model table:
identifying a management information base variable referenced in the request(Kekic,
col.4, lines 32-49); based on one or more MIB(MANAGEMENT INFORMATION BASE)
Views referenced in the view-based access control model table, determining whether a
protocol operation of the request is allowed for the variable(Kekic, col.4, lines 38-42);
dispatching information identifying the variable and the protocol operation to a code
implementation of the protocol operation only when the protocol operation is allowed for
the variable(Paulsen, col. 9, line 33-col.12, line 67). Motivation to combine set forth in
claim 1.

As per claim 9, Kekic teaches a method of controlling access of network 
management requests directed to one or more network devices that participate in a 
virtual private network(Fig.1-5c), the method comprising the computer-implemented 
steps of: 

receiving a request to carry out a management protocol operation(col.3, lines 34-col.4, 
lines 28), extracting the value and determining a protocol operation that is embodied in 
the request(col.4, lines 31-49); using a view-based access control model(Figs.1- 
7),processing the requested operation only if access is allowed to managed objects in 
the management information base, based on the matching management information 
base view(col.4, lines 31-49); matching the value to a management information base 
view that corresponds to the requested operation(col.4, lines 31-49). 

Kekic however does not explicitly teach the request contains a virtual private 
network identifier in a security name value(Paulsen, col.7, lines 31-39). 

Paulsen explicitly teaches that the request contains a virtual private network identifier in
a security name value(col.7, lines 31-39).

Therefore it would have been obvious to one of ordinary skill in the art at the time
of the invention to modify the method of Kekic to explicitly add the request contains a
virtual private network identifier in a security name value as taught by Paulsen in order
to authenticate the identity of the remote client(Paulsen, col.7, lines 34-35).

One skilled in the art at the time of the invention would have been motivated to
combine Kekic and Paulsen in order to provide a method for secure communication
between a remote computer and a private computer network(Paulsen, col.1, lines 8-12).

As per claim 10, a method as recited in Claim 9, further comprising the steps of 
determining whether the request can be satisfied(Kekic, col. 4, lines 31-49); extracting 
the security name value from a context string in the request(Paulsen, col. 7, lines 32- 
45). Motivation to combine set forth in claim 9. 

As per claim 13, the method as recited in Claim 10, further comprising the steps 
of determining whether the security name is in a view-based access control model 
table(Fig.33); when the security name is found in the view-based access control model 
table: identifying a management information base variable referenced in the 
request(Kekic, col. 4, lines 32-49); based on one or more views referenced in the 
view-based access control model table, determining whether the protocol operation is 
allowed for the variable(Kekic, col.4, lines 38-42); dispatching information identifying 
the variable and the protocol operation to a code implementation of the protocol 
operation only when the protocol operation is allowed for the variable(Paulsen, col. 9, 
line 33-col.12, line 67); determining whether a virtual private network identifier is
referenced in the request(Kekic, col.4, lines 32-39), processing the request using
managed information objects in a default view when no virtual private network identifier
is referenced in the request(Kekic, Figs.3-9D), and processing the request using
management information objects in a view corresponding to the virtual private network
identifier only when a virtual private network identifier is referenced in the
request(Kekic, col.4, lines 32-39). Motivation to combine set forth in claim 6.

Claims 14, 19, 20 are rejected based on the same rationale as claim 1(see 
above). Motivation to combine set forth in claim 1. 

Claim 15 is rejected based on the same rationale as claim 2(see above). 
Motivation to combine set forth in claim 2. 

Claim 7 is rejected based on the same rationale as claim 6 (see above). 
Motivation to combine set forth in claim 6. 

As per claim 21, Kekic teaches a method of controlling access of network
management requests directed to one or more network devices that participate in one
or more virtual private networks(Figs.1-7), the method comprising the
computer-implemented steps of:
receiving a request to carry out a SNMP (Simple Network Management Protocol) 
operation directed to one or more managed objects from a MIB(MANAGEMENT 
INFORMATION BASE) (Management Information Base) associated with one or more 
network devices that participate in the networks(Figs.1-44); identifying, among a 
plurality of managed objects from a MIB(MANAGEMENT INFORMATION BASE) 
associated with a network device from the one or more network devices that participate 
in the networks(Figs.1-44), a subset of managed objects that requests associated with 
the particular network are permitted to access(col.4, lines 31-49); and in response to the 
request, providing access to only the subset of managed objects(col.4, lines 31-49).

Kekic however does not explicitly teach multiple virtual private networks and
determining, from the request, an identifier of a particular virtual private network of the
multiple virtual private networks.

Paulsen teaches multiple virtual private networks(Fig.1) and determining, from
the request, an identifier of a particular virtual private network of the multiple virtual 
private networks(col.4, lines 22-63). 

Therefore it would have been obvious to one of ordinary skill in the art at the time
of the invention to modify the method of Kekic to explicitly add multiple virtual private 
networks and determining, from the request, an identifier of a particular virtual private 
network of the multiple virtual private networks, as taught by Paulsen in order to 
authenticate the identity of the remote client(Paulsen, col. 7, lines 34-35). 

One skilled in the art at the time of the invention would have been motivated to 
combine Kekic and Paulsen in order to provide a method for secure communication 
between a remote computer and a private computer network(Paulsen, col.1, lines 8-12). 

Claims 3,16 are rejected under 35 U.S.C. 103(a) as being unpatentable over US 
Patent 6,664,978 issued to Kekic et al.(Kekic) in view of US Patent 6,055,575 issued to 
Paulsen et al. (Paulsen) in further view of RFC 2571, "An Architecture for Describing
SNMP Management Frameworks", written by D. Harrington. 

Kekic in view of Paulsen teaches all of the limitations of claim 1, however does
not explicitly teach as per claim 3, a method as recited in Claim 1, further comprising
the steps of providing, at one of the network devices, a mapping of a plurality of
identifiers of virtual private networks to corresponding views of subsets of managed 
objects, in the form of one or more entries in a view-based access control model table 
that associate SNMPv3 securityName values to corresponding MIB(MANAGEMENT 
INFORMATION BASE) Views. 

Harrington explicitly teaches a mapping of a plurality of identifiers of virtual 
private networks to corresponding views of subsets of managed objects, in the form of 
one or more entries in a view-based access control model table that associate SNMPv3 
securityName values to corresponding MIB(MANAGEMENT INFORMATION BASE) 
Views(pages 15-25).

Therefore it would have been obvious to one of ordinary skill in the art at the time
of the invention to modify the method of Kekic in view of Paulsen to explicitly add
a mapping of a plurality of identifiers of virtual private networks to corresponding views
of subsets of managed objects, in the form of one or more entries in a view-based
access control model table that associate SNMPv3 securityName values to
corresponding MIB(MANAGEMENT INFORMATION BASE) Views as taught by
Harrington in order to provide the framework for SNMPv3(Harrington, page 14).

One skilled in the art at the time of the invention would have been motivated to 
combine Kekic and Paulsen and Harrington in order to provide a method for 
improvement in the SNMP(Harrington, page 1). 

Claim 16 is rejected based on the same rationale as claim 3(see above). 
Motivation to combine set forth in claim 3.

Claims 4,8,11,17 are rejected under 35 U.S.C. 103(a) as being obvious over US
Patent 6,664,978 issued to Kekic et al.(Kekic) in view of US Patent 6,055,575 issued to 
Paulsen et al. (Paulsen) in further view of RFC 2575, "View-based Access Control Model 
for the Simple Network Management Protocol", written by B.Wijnen. 

Kekic in view of Paulsen teaches all the limitations of claim 1, however does not
explicitly teach as per claim 4, a method as recited in Claim 1, further comprising the
steps of providing, at one of the network devices, one or more entries in a view-based 
access control model table that associate SNMPv3 securityName values to 
corresponding MIB(MANAGEMENT INFORMATION BASE) Views, wherein each of the 
securityName values is associated with a virtual private network, and wherein the 
corresponding MIB(MANAGEMENT INFORMATION BASE) Views represent access 
control policies applicable to the associated virtual private networks. 

Wijnen teaches at one of the network devices, one or more entries in a 
view-based access control model table that associate SNMPv3 securityName values to 
corresponding MIB(MANAGEMENT INFORMATION BASE) Views, wherein each of the 
securityName values is associated with a virtual private network, and wherein the 
corresponding MIB(MANAGEMENT INFORMATION BASE) Views represent access 
control policies applicable to the associated virtual private networks( pages 5-10). 

Therefore it would have been obvious to one of ordinary skill in the art at the time
of the invention to modify the method of Kekic in view of Paulsen to explicitly add
one of the network devices, one or more entries in a view-based access control model
table that associate SNMPv3 securityName values to corresponding
MIB(MANAGEMENT INFORMATION BASE) Views, wherein each of the securityName
values is associated with a virtual private network, and wherein the corresponding
MIB(MANAGEMENT INFORMATION BASE) Views represent access control policies
applicable to the associated virtual private networks as taught by Wijnen in order to
restrict access of the rights of some groups to only a subset of the management
information(Wijnen, page 4).

One skilled in the art at the time of the invention would have been motivated to 
combine Kekic and Paulsen and Wijnen in order to provide a method for remotely 
managing the configuration parameters for the View-based Access Control Model. 

As per claim 8, a method as recited in Claim 1, further comprising the steps of:
providing, at a network management station that is communicatively coupled to the 
network devices, a mapping of a plurality of virtual private network identifiers(Paulsen, 
Fig.2) to SNMPv3 securityNames(Wijnen, pages 3-10); providing, at the network 
management station, an executable process that associates a virtual private network 
identifier with each SNMP request that is issued by the network management station to 
the network devices(Wijnen, pages 3-10). Motivation to combine set forth in claim 4. 

As per claim 11, a method as recited in Claim 10, wherein the matching step
further comprises the steps of determining whether the security name is in a view-based
access control model table; rejecting and returning the request when the security name
is not found in the view based access control model table(Wijnen, pages 3-10).
Motivation to combine set forth in claim 4. 

Claim 17 is rejected based on the same rationale as claim 4(see above). 
Motivation to combine set forth in claim 4. 

Claims 5,12,18 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
US Patent 6,664,978 issued to Kekic et al.(Kekic) in view of US Patent 6,055,575 
issued to Paulsen et al. (Paulsen) in further view of US Patent 6,614,791 issued to 
Luciani et al.(Luciani). 

Kekic in view of Paulsen teaches all the limitations of claim 1, however does not
explicitly teach as per claim 5, a method as recited in Claim 1, further comprising the
steps of providing, at one of the network devices, a mapping of a plurality of identifiers
of virtual private networks to corresponding views of subsets of managed objects, and
wherein the steps of identifying a subset of objects and providing the request with
access comprise the steps of: determining whether the identifier from the request is in 
the mapping; when the identifier from the request is in the mapping: identifying a 
management information base, variable referenced in the request; 
based on one or more views referenced in the mapping, determining whether a 
protocol operation of the request is allowed for the variable; dispatching information 
identifying the variable and the protocol operation to a code implementation of the 
protocol operation only when the protocol operation is allowed for the variable.

Luciani teaches the steps of providing, at one of the network devices, a mapping
of a plurality of identifiers of virtual private networks to corresponding views of subsets
of managed objects, and wherein the steps of identifying a subset of objects and
providing the request with access comprise the steps of: determining whether the
identifier from the request is in the mapping(col.2, lines 45-67); when the identifier from
the request is in the mapping(col.2, lines 53-61): identifying a management information
base, variable referenced in the request(col.2, lines 53-61); based on one or more views
referenced in the mapping, determining whether a protocol operation of the request is
allowed for the variable(col.2, lines 32-40); dispatching information identifying the
variable and the protocol operation to a code implementation of the protocol operation
only when the protocol operation is allowed for the variable(col.2, line 65-col.3, line 5).

Therefore it would have been obvious to one of ordinary skill in the art at the time of
the invention to modify the method of Kekic in view of Paulsen to add determining 
whether the identifier from the request is in the mapping; when the identifier from the 
request is in the mapping: identifying a management information base, variable 
referenced in the request; based on one or more views referenced in the mapping, 
determining whether a protocol operation of the request is allowed for the variable; 
dispatching information identifying the variable and the protocol operation to a code 
implementation of the protocol operation only when the protocol operation is allowed for 
the variable as taught by Luciani in order to support different protocols in a 
communication network(Luciani, col.1, lines 21-25).

One of ordinary skill in the art at the time of the invention would have been
motivated to combine Kekic, Paulsen, and Luciani to provide a method for a shared 
communication network by multiple consumers(Luciani, col. 2, lines 21-25). 

Claims 12, 18 are rejected based on the same rationale as claim 5(see above). 
Motivation to combine set forth in claim 5. 

Claim 21 is rejected under 35 U.S.C. 103(a) as being unpatentable over US 
Patent 6,664,978 issued to Kekic et al. (Kekic) in view of US Patent 6,614,791 issued to
Luciani et al. (Luciani). 

As per claim 21, Kekic teaches a method of controlling access of network
management requests directed to one or more network devices that participate in one
or more virtual private networks(Figs.1-7), the method comprising the
computer-implemented steps of:
receiving a request to carry out a SNMP (Simple Network Management Protocol) 
operation directed to one or more managed objects from a MIB(MANAGEMENT 
INFORMATION BASE) (Management Information Base) associated with one or more 
network devices that participate in the networks(Figs.1-44); identifying, among a 
plurality of managed objects from a MIB(MANAGEMENT INFORMATION BASE) 
associated with a network device from the one or more network devices that participate 
in the networks(Figs.1-44), a subset of managed objects that requests associated with 
the particular network are permitted to access(col.4, lines 31-49); and in response to the 
request, providing access to only the subset of managed objects(col.4, lines 31-49).

Kekic however does not explicitly teach multiple virtual private networks and
determining, from the request, an identifier of a particular virtual private network of the
multiple virtual private networks.

Luciani teaches multiple virtual private networks(Abstract) and determining, from 
the request, an identifier of a particular virtual private network of the multiple virtual 
private networks(Abstract). 

Therefore it would have been obvious to one of ordinary skill in the art at the time
of the invention to modify the method of Kekic to explicitly add multiple virtual private 
networks and determining, from the request, an identifier of a particular virtual private 
network of the multiple virtual private networks as taught by Luciani in order to support 
different protocols in a communication network(Luciani, col.1, lines 21-25). 

One skilled in the art at the time of the invention would have been motivated to 
combine Kekic and Paulsen in order to provide a method for a shared communication 
network by multiple consumers(Luciani, col. 2, lines 21-25). 

Response to Arguments 

Applicant's arguments filed on 1/10/05 were persuasive, however they are moot
in view of the new grounds of rejection. The applicant has amended the claims to
overcome all claim objections and 112 2nd paragraph rejection, therefore these rejections
are withdrawn.

Conclusion 

The prior art made of record and not relied upon is considered pertinent to
applicant's disclosure. See PTO-892.

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Backhean Tiv whose telephone number is (571)272-3941.
The examiner can normally be reached on 9 A.M.-12 P.M. and 1-6 P.M.
Monday-Friday.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Zarni Maung can be reached on (571) 272-3939. The fax phone number for
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free).